

pam

The [pam] section contains tokens that UNAB uses to interact with the PAM module.

debug_mode_for_user

Defines whether the PAM module can print messages to the user screen during login.

Options: yes, no

Default: yes

home_directory_permission

Specifies the default file permissions that are assigned to the user home directory.

Values: octal permission digits, each 0-7

Default: 700

Example: 700 indicates that each user has read, write, and execute permissions on their own home directory only; group and other users have no access.

pam_ad_password_only

Defines the PAM module behavior when the mapped user logs in with a local password.

Options: yes, no

Default: yes

pam_delete_user_ccache

Defines whether the pam_uxauth module deletes the Active Directory user credentials cache upon login completion.

Values: Yes (Delete the AD user credentials after login), no (The credentials cache is not changed)

Default: No

pam_exit_on_deny

Defines the PAM module behavior if the login was denied due to enterprise or local policy settings or Active Directory account state.

Options: yes (The PAM module closes the sequence and prevents other PAM modules from authenticating the user), no (The PAM module does not close and enables other PAM modules to authenticate the user. The no value allows the login server to retry the PAM sequence call)

Default: yes

pam_receive_timout

Specifies the time, in seconds, that the PAM module waits for the UNAB agent (uxauthd) to respond.

Limits: any positive integer.

Default: 10

user_minimal_uid

Defines the minimal UID for the local storage to authenticate in the Active Directory.

Values: any positive number.

Default: 101
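The following added example (not part of the UNAB documentation or product) checks a [pam] section against the tokens and defaults listed above and reports values a reviewer would want to look at. It assumes INI-style `token = value` lines; the function name `audit_pam`, the sample input, and the choice of which values to report are this example's own.

```python
import configparser

# Defaults as documented on this page for the [pam] section.
DEFAULTS = {
    "debug_mode_for_user": "yes",
    "home_directory_permission": "700",
    "pam_delete_user_ccache": "no",
    "pam_exit_on_deny": "yes",
    "pam_receive_timout": "10",
    "user_minimal_uid": "101",
}

def audit_pam(ini_text):
    """Return sorted (token, note) pairs for [pam] values worth reviewing."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(ini_text)
    pam = dict(DEFAULTS)  # tokens missing from the file fall back to defaults
    if cp.has_section("pam"):
        pam.update({k: v.strip() for k, v in cp.items("pam")})
    findings = []
    mode = pam["home_directory_permission"]
    if not (mode and len(mode) <= 4 and all(c in "01234567" for c in mode)):
        findings.append(("home_directory_permission", "not an octal mode"))
    elif int(mode, 8) & 0o077:  # any group or other permission bit set
        findings.append(("home_directory_permission", "group/other access to home directories"))
    if pam["pam_exit_on_deny"].lower() == "no":
        findings.append(("pam_exit_on_deny", "denied login can continue to other PAM modules"))
    if pam["pam_delete_user_ccache"].lower() == "no":
        findings.append(("pam_delete_user_ccache", "AD credentials cache is kept after login"))
    if pam["debug_mode_for_user"].lower() == "yes":
        findings.append(("debug_mode_for_user", "PAM messages are printed to the user screen"))
    for token in ("pam_receive_timout", "user_minimal_uid"):
        if not (pam[token].isdecimal() and int(pam[token]) > 0):
            findings.append((token, "must be a positive integer"))
    return sorted(findings)

# Constructed sample input, not taken from a real host.
SAMPLE = """
[pam]
home_directory_permission = 755
pam_exit_on_deny = no
pam_delete_user_ccache = yes
debug_mode_for_user = no
pam_receive_timout = 0
"""

if __name__ == "__main__":
    for token, note in audit_pam(SAMPLE):
        print(f"{token}: {note}")
```

An empty section is evaluated with the documented defaults, so `debug_mode_for_user` and `pam_delete_user_ccache` are reported even when nothing has been changed.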